CVE-2019-7305

Published: Apr 10, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian

Affected (1)

Products: Extplorer: Extplorer

1 product

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Extplorer Extplorer	Up to 2.1.0

Running on/with	Platform Versions
Canonical Ubuntu Linux	All versions
Debian Debian Linux	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (2)

https://launchpad.net/bugs/1822013

Source: security@ubuntu.com

Issue TrackingThird Party Advisory

https://launchpad.net/bugs/1822013

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.